After the "NM" entry is located in the .ISO file UltraISO executes _strncpy function
with maxlen argument calculated directly from the ISO header's byte field NM_hdr.len -
the length of the alternate name.

UltraISO assumes this field is always larger than 5 bytes however if attacker forces it to be
less than that value the maxlen parameter for the _strncpy function will be extremely big
(NM_hdr.len - 5, result is unsigned).

Later the memset function (inside the _strncpy function) is executed where the extremely big size
parameter is used which leads to memory corruption.